From 084bdf5399d7fd2a84d075a0aa1f38a2151b1776 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller" <Todd.Miller@courtesan.com>
Date: Sun, 17 Mar 1996 20:02:00 +0000
Subject: added NO_DOT_PATH

---
 OPTIONS     | 5 +++++
 find_path.c | 6 ++++++
 options.h   | 1 +
 3 files changed, 12 insertions(+)

diff --git a/OPTIONS b/OPTIONS
index 0dd2cfbbb..b0875559e 100644
--- a/OPTIONS
+++ b/OPTIONS
@@ -153,6 +153,11 @@ SECURE_PATH
     NOTE: SECURE_PATH is not applied to users in the EXEMPTGROUP.
     This is off by default.
 
+NO_DOT_PATH
+    If defined, sudo will ignore '.' or '' (current dir) in $PATH.
+    The $PATH itself is not modified.
+    This is off by default.
+
 USE_EXECV
     Use execv() to exec the command instead of execvp().  I can't think of
     a reason to actually do this since execvp() is passed a fully qualified
diff --git a/find_path.c b/find_path.c
index 1af07592f..9290d3577 100644
--- a/find_path.c
+++ b/find_path.c
@@ -99,7 +99,9 @@ char * find_path(file)
     char *path = NULL;		/* contents of PATH env var */
     char *origpath;		/* so we can free path later */
     char *result = NULL;	/* result of path/file lookup */
+#ifndef NO_DOT_PATH
     int checkdot = 0;		/* check current dir? */
+#endif /* NO_DOT_PATH */
 
     command[0] = '\0';
 
@@ -148,7 +150,9 @@ char * find_path(file)
 	 * things like using './' or './/' 
 	 */
 	if (*path == '\0' || (*path == '.' && *(path + 1) == '\0')) {
+#ifndef NO_DOT_PATH
 	    checkdot = 1;
+#endif /* NO_DOT_PATH */
 	    path = n + 1;
 	    continue;
 	}
@@ -169,11 +173,13 @@ char * find_path(file)
 
     } while (n);
 
+#ifndef NO_DOT_PATH
     /*
      * check current dir if dot was in the PATH
      */
     if (!result && checkdot)
 	result = sudo_goodpath(file);
+#endif /* NO_DOT_PATH */
 
     (void) free(origpath);
 
diff --git a/options.h b/options.h
index 91443873a..be414e5bb 100644
--- a/options.h
+++ b/options.h
@@ -56,6 +56,7 @@
 #define INCORRECT_PASSWORD "Sorry, try again." /* message for bad passwd */
 #define MAILSUBJECT "*** SECURITY information ***" /* subject of mail sent */
 #define PASSPROMPT "Password:"	/* default password prompt */
+/*#define NO_DOT_PATH		/* ignore '.' if in $PATH */
 /*#define SECURE_PATH	"/bin:/usr/ucb:/usr/bin:/usr/etc:/etc" /* secure path */
 /*#define USE_EXECV		/* use execv() instead of execvp() */
 /*#define SHELL_IF_NO_ARGS	/* if sudo is given no arguments run a shell */
-- 
cgit v1.2.1